Tech-invite3GPPspaceIETF RFCsSIP
93929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 8295

EST (Enrollment over Secure Transport) Extensions

Pages: 54
Proposed Standard
Part 4 of 4 – Pages 40 to 54
First   Prev   None

Top   ToC   RFC8295 - Page 40   prevText

9. PAL and Certificate Enrollment

The /fullcmc PC is defined in [RFC7030]; the CMC (Certificate Management over Cryptographic Message Syntax) requirements and packages are defined in [RFC5272], [RFC5273], [RFC5274], and [RFC6402]. This section describes PAL interactions. Under normal circumstances, the client-server interactions for PKI enrollment are as follows: Client Server ---------------------> POST req: PKIRequest Content-Type: application/pkcs10 or POST req: PKIRequest Content-Type: application/pkcs7-mime smime-type=CMC-request <-------------------- POST res: PKIResponse Content-Type: application/pkcs7-mime smime-type=certs-only or POST res: PKIResponse Content-Type: application/pkcs7-mime smime-type=CMC-response If the response is rejected during the same session: Client Server ---------------------> POST req: PKIRequest Content-Type: application/pkcs10 or POST req: PKIRequest Content-Type: application/pkcs7-mime smime-type=CMC-request <-------------------- POST res: empty HTTPS Status Code or POST res: PKIResponse Content-Type: application/pkcs7-mime smime-type=CMC-response
Top   ToC   RFC8295 - Page 41
   If the request is to be filled later:

           Client                       Server
                  --------------------->
              POST req: PKIRequest
              Content-Type: application/pkcs10
             or
              POST req: PKIRequest
              Content-Type: application/pkcs7-mime
                            smime-type=CMC-request

                  <--------------------
                         POST res: empty
                         HTTPS Status Code
                         + Retry-After
                        or
                         POST res: PKIResponse (pending)
                         Content-Type: application/pkcs7-mime
                                       smime-type=CMC-response

                  --------------------->
              POST req: PKIRequest (same request)
              Content-Type: application/pkcs10
             or
              POST req: PKIRequest (CMC Status Info only)
              Content-Type: application/pkcs7-mime
                            smime-type=CMC-request

                  <--------------------
                         POST res: PKIResponse
                         Content-Type: application/pkcs7-mime
                                       smime-type=certs-only
                        or
                         POST res: PKIResponse
                         Content-Type: application/pkcs7-mime
                                       smime-type=CMC-response
Top   ToC   RFC8295 - Page 42
   With the PAL, the client begins after pulling the PAL and a Start
   Issuance PAL package type, essentially adding the following before
   the request:

           Client                       Server
                 --------------------->
             GET req: PAL
                  <--------------------
                         GET res: PAL
                         Content-Type: application/xml

   The client then proceeds as above with a simple PKI enrollment or a
   full CMC enrollment, or it begins enrollment assisted by a CSR:

           Client                       Server
                 --------------------->
             GET req: DS certificate with CSR

                  <--------------------
                         GET res: PAL
                         Content-Type: application/csrattrs

   For immediately rejected requests, CMC works well.  If the server
   prematurely closes the connection, then the procedures in
   Section 6.3.1 of [RFC7230] apply.  But this might leave the client
   and server in a different state.  The client could merely resubmit
   the request, but another option, documented herein, is for the client
   to instead download the PAL to see if the server has processed the
   request.  Clients might also use this process when they are unable to
   remain connected to the server for the entire enrollment process; if
   the server does not or is not able to return a PKIData indicating a
   status of pending, then the client will not know whether the request
   was received.  If a client uses the PAL and reconnects to determine
   if the certification or rekey or renew request was processed:

   o  Clients MUST authenticate the server, and clients MUST check the
      server's authorization.

   o  The server MUST authenticate the client, and the server MUST check
      the client's authorization.

   o  Clients retrieve the PAL, using the /pal URI.

   o  Clients and servers use the operation path of "/simpleenroll",
      "simplereenroll", or "/fullcmc", based on the PAL entry, with an
      HTTP GET [RFC7231] to get the success or failure response.

   Responses are as specified in [RFC7030].
Top   ToC   RFC8295 - Page 43

10. Security Considerations

This document relies on many other specifications; however, all of the security considerations in [RFC7030] apply. Refer also to the following: o For HTTP, HTTPS, and TLS security considerations, see [RFC7231], [RFC2818], and [RFC5246]. o For URI security considerations, see [RFC3986]. o For content type security considerations, see [RFC4073], [RFC4108], [RFC5272], [RFC5652], [RFC5751], [RFC5934], [RFC5958], [RFC6031], [RFC6032], [RFC6268], [RFC6402], [RFC7191], and [RFC7292]. o For algorithms used to protect packages, see [RFC3370], [RFC5649], [RFC5753], [RFC5754], [RFC5959], [RFC6033], [RFC6160], [RFC6161], [RFC6162], and [RFC7192]. o For random numbers, see [RFC4086]. o For server-generated asymmetric key pairs, see [RFC7030].
Top   ToC   RFC8295 - Page 44

11. IANA Considerations

IANA has created the "PAL Package Types" registry and performed three registrations: PAL Name Space, PAL XML Schema, and PAL Package Types.

11.1. PAL Name Space

This section registers a new XML namespace [XMLNS], "urn:ietf:params:xml:ns:pal", per the guidelines in [RFC3688]: URI: urn:ietf:params:xml:ns:pal Registrant Contact: Sean Turner (sean@sn3rd.com) XML: BEGIN <?xml version="1.0"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="https://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Package Availability List</title> </head> <body> <h1>Namespace for Package Availability List</h1> <h2>urn:ietf:params:xml:ns:pal</h2> <p>See RFC 8295</p> </body> </html> END

11.2. PAL XML Schema

This section registers an XML schema as per the guidelines in [RFC3688]. URI: urn:ietf:params:xml:schema:pal Registrant Contact: Sean Turner (sean@sn3rd.com) XML: See Section 2.1.2.

11.3. PAL Package Types

IANA has created a new registry named "PAL Package Types". This registry is for PAL package types whose initial values are found in Section 2.1.1. Future registrations of PAL package types are subject to Expert Review, as defined in RFC 8126 [RFC8126]. Package types MUST be paired with a media type; package types specify the path components to be used that in turn specify the media type used.
Top   ToC   RFC8295 - Page 45

12. References

12.1. Normative References

[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, DOI 10.17487/RFC2046, November 1996, <https://www.rfc-editor.org/info/rfc2046>. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC2585] Housley, R. and P. Hoffman, "Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP", RFC 2585, DOI 10.17487/RFC2585, May 1999, <https://www.rfc-editor.org/info/rfc2585>. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/RFC2818, May 2000, <https://www.rfc-editor.org/info/rfc2818>. [RFC2985] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object Classes and Attribute Types Version 2.0", RFC 2985, DOI 10.17487/RFC2985, November 2000, <https://www.rfc-editor.org/info/rfc2985>. [RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, DOI 10.17487/RFC3370, August 2002, <https://www.rfc-editor.org/info/rfc3370>. [RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394, September 2002, <https://www.rfc-editor.org/info/rfc3394>. [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, <https://www.rfc-editor.org/info/rfc3688>. [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <https://www.rfc-editor.org/info/rfc3986>.
Top   ToC   RFC8295 - Page 46
   [RFC4073]  Housley, R., "Protecting Multiple Contents with the
              Cryptographic Message Syntax (CMS)", RFC 4073,
              DOI 10.17487/RFC4073, May 2005,
              <https://www.rfc-editor.org/info/rfc4073>.

   [RFC4108]  Housley, R., "Using Cryptographic Message Syntax (CMS) to
              Protect Firmware Packages", RFC 4108,
              DOI 10.17487/RFC4108, August 2005,
              <https://www.rfc-editor.org/info/rfc4108>.

   [RFC4514]  Zeilenga, K., Ed., "Lightweight Directory Access Protocol
              (LDAP): String Representation of Distinguished Names",
              RFC 4514, DOI 10.17487/RFC4514, June 2006,
              <https://www.rfc-editor.org/info/rfc4514>.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008,
              <https://www.rfc-editor.org/info/rfc5246>.

   [RFC5272]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC)", RFC 5272, DOI 10.17487/RFC5272, June 2008,
              <https://www.rfc-editor.org/info/rfc5272>.

   [RFC5273]  Schaad, J. and M. Myers, "Certificate Management over CMS
              (CMC): Transport Protocols", RFC 5273,
              DOI 10.17487/RFC5273, June 2008,
              <https://www.rfc-editor.org/info/rfc5273>.

   [RFC5274]  Schaad, J. and M. Myers, "Certificate Management Messages
              over CMS (CMC): Compliance Requirements", RFC 5274,
              DOI 10.17487/RFC5274, June 2008,
              <https://www.rfc-editor.org/info/rfc5274>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <https://www.rfc-editor.org/info/rfc5280>.

   [RFC5649]  Housley, R. and M. Dworkin, "Advanced Encryption Standard
              (AES) Key Wrap with Padding Algorithm", RFC 5649,
              DOI 10.17487/RFC5649, September 2009,
              <https://www.rfc-editor.org/info/rfc5649>.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009,
              <https://www.rfc-editor.org/info/rfc5652>.
Top   ToC   RFC8295 - Page 47
   [RFC5751]  Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
              Mail Extensions (S/MIME) Version 3.2 Message
              Specification", RFC 5751, DOI 10.17487/RFC5751,
              January 2010, <https://www.rfc-editor.org/info/rfc5751>.

   [RFC5753]  Turner, S. and D. Brown, "Use of Elliptic Curve
              Cryptography (ECC) Algorithms in Cryptographic Message
              Syntax (CMS)", RFC 5753, DOI 10.17487/RFC5753,
              January 2010, <https://www.rfc-editor.org/info/rfc5753>.

   [RFC5754]  Turner, S., "Using SHA2 Algorithms with Cryptographic
              Message Syntax", RFC 5754, DOI 10.17487/RFC5754,
              January 2010, <https://www.rfc-editor.org/info/rfc5754>.

   [RFC5934]  Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
              Management Protocol (TAMP)", RFC 5934,
              DOI 10.17487/RFC5934, August 2010,
              <https://www.rfc-editor.org/info/rfc5934>.

   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
              DOI 10.17487/RFC5958, August 2010,
              <https://www.rfc-editor.org/info/rfc5958>.

   [RFC5959]  Turner, S., "Algorithms for Asymmetric Key Package Content
              Type", RFC 5959, DOI 10.17487/RFC5959, August 2010,
              <https://www.rfc-editor.org/info/rfc5959>.

   [RFC5967]  Turner, S., "The application/pkcs10 Media Type", RFC 5967,
              DOI 10.17487/RFC5967, August 2010,
              <https://www.rfc-editor.org/info/rfc5967>.

   [RFC6010]  Housley, R., Ashmore, S., and C. Wallace, "Cryptographic
              Message Syntax (CMS) Content Constraints Extension",
              RFC 6010, DOI 10.17487/RFC6010, September 2010,
              <https://www.rfc-editor.org/info/rfc6010>.

   [RFC6031]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Symmetric Key Package Content Type", RFC 6031,
              DOI 10.17487/RFC6031, December 2010,
              <https://www.rfc-editor.org/info/rfc6031>.

   [RFC6032]  Turner, S. and R. Housley, "Cryptographic Message Syntax
              (CMS) Encrypted Key Package Content Type", RFC 6032,
              DOI 10.17487/RFC6032, December 2010,
              <https://www.rfc-editor.org/info/rfc6032>.
Top   ToC   RFC8295 - Page 48
   [RFC6033]  Turner, S., "Algorithms for Cryptographic Message Syntax
              (CMS) Encrypted Key Package Content Type", RFC 6033,
              DOI 10.17487/RFC6033, December 2010,
              <https://www.rfc-editor.org/info/rfc6033>.

   [RFC6160]  Turner, S., "Algorithms for Cryptographic Message Syntax
              (CMS) Protection of Symmetric Key Package Content Types",
              RFC 6160, DOI 10.17487/RFC6160, April 2011,
              <https://www.rfc-editor.org/info/rfc6160>.

   [RFC6161]  Turner, S., "Elliptic Curve Algorithms for Cryptographic
              Message Syntax (CMS) Encrypted Key Package Content Type",
              RFC 6161, DOI 10.17487/RFC6161, April 2011,
              <https://www.rfc-editor.org/info/rfc6161>.

   [RFC6162]  Turner, S., "Elliptic Curve Algorithms for Cryptographic
              Message Syntax (CMS) Asymmetric Key Package Content Type",
              RFC 6162, DOI 10.17487/RFC6162, April 2011,
              <https://www.rfc-editor.org/info/rfc6162>.

   [RFC6268]  Schaad, J. and S. Turner, "Additional New ASN.1 Modules
              for the Cryptographic Message Syntax (CMS) and the Public
              Key Infrastructure Using X.509 (PKIX)", RFC 6268,
              DOI 10.17487/RFC6268, July 2011,
              <https://www.rfc-editor.org/info/rfc6268>.

   [RFC6402]  Schaad, J., "Certificate Management over CMS (CMC)
              Updates", RFC 6402, DOI 10.17487/RFC6402, November 2011,
              <https://www.rfc-editor.org/info/rfc6402>.

   [RFC7030]  Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed.,
              "Enrollment over Secure Transport", RFC 7030,
              DOI 10.17487/RFC7030, October 2013,
              <https://www.rfc-editor.org/info/rfc7030>.

   [RFC7303]  Thompson, H. and C. Lilley, "XML Media Types", RFC 7303,
              DOI 10.17487/RFC7303, July 2014,
              <https://www.rfc-editor.org/info/rfc7303>.

   [RFC7191]  Housley, R., "Cryptographic Message Syntax (CMS) Key
              Package Receipt and Error Content Types", RFC 7191,
              DOI 10.17487/RFC7191, April 2014,
              <https://www.rfc-editor.org/info/rfc7191>.

   [RFC7192]  Turner, S., "Algorithms for Cryptographic Message Syntax
              (CMS) Key Package Receipt and Error Content Types",
              RFC 7192, DOI 10.17487/RFC7192, April 2014,
              <https://www.rfc-editor.org/info/rfc7192>.
Top   ToC   RFC8295 - Page 49
   [RFC7193]  Turner, S., Housley, R., and J. Schaad, "The
              application/cms Media Type", RFC 7193,
              DOI 10.17487/RFC7193, April 2014,
              <https://www.rfc-editor.org/info/rfc7193>.

   [RFC7230]  Fielding, R., Ed., and J. Reschke, Ed., "Hypertext
              Transfer Protocol (HTTP/1.1): Message Syntax and Routing",
              RFC 7230, DOI 10.17487/RFC7230, June 2014,
              <https://www.rfc-editor.org/info/rfc7230>.

   [RFC7231]  Fielding, R., Ed., and J. Reschke, Ed., "Hypertext
              Transfer Protocol (HTTP/1.1): Semantics and Content",
              RFC 7231, DOI 10.17487/RFC7231, June 2014,
              <https://www.rfc-editor.org/info/rfc7231>.

   [RFC7292]  Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
              and M. Scott, "PKCS #12: Personal Information Exchange
              Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014,
              <https://www.rfc-editor.org/info/rfc7292>.

   [RFC8126]  Cotton, M., Leiba, B., and T. Narten, "Guidelines for
              Writing an IANA Considerations Section in RFCs", BCP 26,
              RFC 8126, DOI 10.17487/RFC8126, June 2017,
              <https://www.rfc-editor.org/info/rfc8126>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in
              RFC 2119 Key Words", BCP 14, RFC 8174,
              DOI 10.17487/RFC8174, May 2017,
              <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8259]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", STD 90, RFC 8259,
              DOI 10.17487/RFC8259, December 2017,
              <https://www.rfc-editor.org/info/rfc8259>.

   [XML]      Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., and
              F. Yergeau, "Extensible Markup Language (XML) 1.0
              (Fifth Edition)", World Wide Web Consortium
              Recommendation REC-xml-20081126, November 2008,
              <https://www.w3.org/TR/2008/REC-xml-20081126/>.

   [XMLSCHEMA]
              Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes
              Second Edition", World Wide Web Consortium
              Recommendation REC-xmlschema-2-20041028, October 2004,
              <https://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.
Top   ToC   RFC8295 - Page 50
   [X.690]    ITU-T, "Information technology - ASN.1 encoding rules:
              Specification of Basic Encoding Rules (BER), Canonical
              Encoding Rules (CER) and Distinguished Encoding Rules
              (DER)", ITU-T Recommendation X.690, ISO/IEC 8825-1,
              August 2015, <https://www.itu.int/rec/T-REC-X.690/en>.

12.2. Informative References

[PKCS12] IANA, "PKCS #12", <https://www.iana.org/assignments/ media-types/application/pkcs12>. [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, "Randomness Requirements for Security", BCP 106, RFC 4086, DOI 10.17487/RFC4086, June 2005, <https://www.rfc-editor.org/info/rfc4086>. [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, <https://www.rfc-editor.org/info/rfc4949>. [XMLNS] Bray, T., Hollander, D., Layman, A., Tobin, R., and H. Thompson, "Namespaces in XML 1.0 (Third Edition)", World Wide Web Consortium Recommendation REC-xml-names-20091208/, December 2009, <https://www.w3.org/TR/2009/REC-xml-names-20091208/>.
Top   ToC   RFC8295 - Page 51

Appendix A. Example Use of PAL

This is an informative appendix. It includes examples of protocol flows. Steps for using a PAL include the following: 1. Access PAL 2. Process PAL entries 2.1. Get CA certificates 2.2. Get CRLs 2.3. Get CSR attributes 2.4. Enroll: simple enrollment, re-enrollment, or full CMC 2.5. Get Firmware, TAMP, Symmetric Keys, or EE certificates Client Server ---------------------> -+ GET req: | /pal <--------------------- | GET res: PAL | Content-Type: application/xml | | ---------------------> -+ GET req: | /cacerts <--------------------- | GET res: CA Certificates | Content-Type: application/pkcs7-smime | smime-type=certs-only | | ---------------------> -+ GET req: | /crls <--------------------- | GET res: CRLs | Content-Type: application/pkcs7-smime | smime-type=crls-only | | ---------------------> -+ GET req: | /csrattrs <--------------------- | GET res: attributes |
Top   ToC   RFC8295 - Page 52
         --------------------->                     -+
   POST req: PKIRequest                              | /simpleenroll and
   Content-Type: application/pkcs10                  | /simplereenroll
                                                     |
   Content-Type: application/pkcs7-mime              | /fullcmc
                 smime-type=CMC-request              |
                                                     |
         <--------------------                       |
              (success or failure)                   |
              POST res: PKIResponse                  | /simpleenroll
              Content-Type: application/pkcs7-mime   | /simplereenroll
                            smime-type=certs-only    | /fullcmc
                                                     |
              Content-Type: application/pkcs7-mime   | /fullcmc
                            smime-type=CMC-response  |
                                                     |
         -------------------->                      -+
   GET req:                                          | /firmware
         <--------------------                       | /tamp
               GET res: Firmware, TAMP Query         | /symmetrickeys
                        + Updates, Symmetric Keys    |
                Content-Type: application/cms        |
                                                     |
         --------------------->                     -+
   POST res: Firmware Receipts or Errors,            | /firmware/return
   TAMP Response or Confirms or Errors,              | /tamp/return
   Symmetric Key Receipts or Errors                  | /symmetrickeys/
                                                     |      return
                                                     |
   Content-Type: application/cms                     |
         <--------------------                       |
               POST res: empty                       |
                (success or failure)                 |
         -------------------->                      -+
   GET req:                                          | /eecerts
         <--------------------                       |
               GET res: Other EE certificates        |
                Content-Type: application/pkcs7-mime |
                              smime-type=certs-only  |

   The figure above shows /eecerts after /*/return, but this is for
   illustrative purposes only.
Top   ToC   RFC8295 - Page 53

Appendix B. Additional CSR Attributes

This is an informative appendix. In some cases, the client is severely limited in its ability to encode and decode ASN.1 objects. If the client knows that a "csr" template is being provided during enrollment, then it can peel the returned CSR attribute, generate its keys, place the public key in the certification request, and then sign the request. To accomplish this, the server returns a pKCS7PDU attribute [RFC2985] in the /csrattrs (the following is "pseudo ASN.1" and is only meant to show the fields needed to accomplish returning a template certification request): pKCS7PDU ATTRIBUTE ::= { WITH SYNTAX ContentInfo ID pkcs-9-at-pkcs7PDU } pkcs-9-at-pkcs7PDU OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) pkcs-9-at(25) 5 } The ContentInfo is a PKIData: PKIData ::= SEQUENCE { reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest } Where TaggedRequest is a choice between the PKCS #10 or Certificate Request Message Format (CRMF) requests. TaggedRequest ::= CHOICE { tcr [0] TaggedCertificationRequest, crm [1] CertReqMsg } Or, the ContentInfo can be a signed-data content type that further encapsulates a PKIData.
Top   ToC   RFC8295 - Page 54

Acknowledgements

Thanks in no particular order go to Alexey Melnikov, Paul Hoffman, Brad McInnis, Max Pritikin, Francois Rousseau, Chris Bonatti, and Russ Housley for taking time to provide comments.

Author's Address

Sean Turner sn3rd Email: sean@sn3rd.com